Bug 1032525 - vdsClient should accept passwords using means safer than a command line option
Summary: vdsClient should accept passwords using means safer than a command line option
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: vdsm
Classification: oVirt
Component: General
Version: 4.16.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: ovirt-3.6.3
: ---
Assignee: Piotr Kliczewski
QA Contact: Petr Kubica
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-20 10:56 UTC by Yedidyah Bar David
Modified: 2016-02-18 11:12 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-02-18 11:12:07 UTC
oVirt Team: Infra
rule-engine: ovirt-3.6.z+
ylavi: planning_ack+
rule-engine: devel_ack+
rule-engine: testing_ack+

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
oVirt gerrit 24733 0 master MERGED vdsClient: alternative ways to provide password Never

Description Yedidyah Bar David 2013-11-20 10:56:54 UTC 
Description of problem:

Every action that accepts a password on the command line should be able to accept it also using safer means: Interactively, using an environment variable, reading from a file.

I am currently opening this bug for setVmTicket in bug #1021902 but it's applicable elsewhere in vdsClient.
Comment 1 Itamar Heim 2014-01-12 08:43:34 UTC 
setting target release to current version for consideration and review. please do not push non-RFE bugs to an undefined target release to make sure bugs are reviewed for relevancy, fix, closure, etc.
Comment 3 Barak 2014-02-11 12:49:25 UTC 
What vdsCli commands accepts password ?
Comment 4 Yaniv Bronhaim 2014-02-18 11:25:24 UTC 
discoverST connectStorageServer setVmTicket validateStorageServerConnection disconnectStorageServer desktopLogin  are the commands that get password as part of theirs parameters
Comment 5 Piotr Kliczewski 2014-02-19 13:05:39 UTC 
oVirt gerrit 24733
Comment 6 Sandro Bonazzola 2014-03-04 09:24:02 UTC 
This is an automated message.
Re-targeting all non-blocker bugs still open on 3.4.0 to 3.4.1.
Comment 8 Red Hat Bugzilla Rules Engine 2015-10-18 08:34:24 UTC 
Bug tickets that are moved to testing must have target release set to make sure tester knows what to test. Please set the correct target release before moving to ON_QA.
Comment 9 Petr Kubica 2016-01-07 15:05:49 UTC 
tested with vdsm-4.17.15-0.el7ev.noarch
failed with use auth=file:/root/file

#echo "password" > /root/file
#vdsClient -s 0 setVmTicket <vmID> - 120 -- auth=file:/root/file

after that it's not possible login to display via vncviewer with password "password". There is a problem with reading a file, readed file has one more character (end of line).

'env' and 'pass' working properly.
Comment 10 Red Hat Bugzilla Rules Engine 2016-01-07 15:05:52 UTC 
Target release should be placed once a package build is known to fix a issue. Since this bug is not modified, the target version has been reset. Please use target milestone to plan a fix for a oVirt release.
Comment 11 Piotr Kliczewski 2016-01-11 14:07:40 UTC 
I checked the code and this scenario is covered by unit tests so I attempted to reproduce the issue using latest master (there were no changes for this functionality). 

I host deployed vdsm, configured nfs storage and created a vm. After that I run commands as described in comment #9 and I got following output:

[root@f20 hosted]# vdsClient -s 0 setVmTicket 8e2456e6-cdf6-418f-893b-c714068e2fc8 - 120 -- auth=file:/root/file
	code = 0
	message = 'Done'

Please note that I run the commands as root. Please make sure that you have correct permissions and if you still see the issue please provide steps to reproduce. Otherwise I am going to close this BZ.
Comment 12 Petr Kubica 2016-01-14 15:20:37 UTC 
I did an update engine & host to vdsm-4.17.17-0.el7ev.noarch and now everything is working.

So I move it to verified

Verified in vdsm-4.17.17-0.el7ev.noarch
Note You need to log in before you can comment on or make changes to this bug.